Presentation is loading. Please wait.

Presentation is loading. Please wait.

#SummitNow Fighting viruses with Alfviral 2013 Fernando González @fegorama.

Published byMelina McKinney Modified over 8 years ago

Similar presentations

Presentation on theme: "#SummitNow Fighting viruses with Alfviral 2013 Fernando González @fegorama."— Presentation transcript:

1 #SummitNow Fighting viruses with Alfviral 2013 Fernando González fernando.gonzalez@ricoh.es fernando.gonzalez@ricoh.es @fegorama

2 #SummitNow Virus today... inside of: Word and Writer documents PowerPoint and Impress documents PDF (Portable Document Format) …more Why? fernando.gonzalez@ricoh.es fernando.gonzalez@ricoh.es @fegorama

3 #SummitNow Alfviral is a module installable in Alfresco (Repository and Share) that uses an antivirus software (currently ClamAV and VirusTotal.com) to scan both new uploaded documents and those already present in the repository. What is it? fernando.gonzalez@ricoh.es fernando.gonzalez@ricoh.es @fegorama

4 #SummitNow How it works Three different modes: Running virus scan program with defined parameters Sending document data flow to an antivirus port Using JSON/HTTP protocol to send files to www.totalantivirus.com fernando.gonzalez@ricoh.es fernando.gonzalez@ricoh.es @fegorama

5 #SummitNow Features Detection through 3 modes Use of "policies" to scan uploaded and/or read content Use of "scheduler" to scan spaces programmatically Use of action "Scan" in user interfaces (Alfresco and Share) File exceptions Assignment of "aspects" to classify infections fernando.gonzalez@ricoh.es fernando.gonzalez@ricoh.es @fegorama

6 #SummitNow Architecture Image title Modes Command Instream Virustotal

7 #SummitNow Action Share to Repository Java Class VirusScan Repository action (Javascript) Scanfile Share ui-action (Web Script) Scanfile-action

8 #SummitNow Configuration Use of alfviral.properties file for configuration Modes Events Schedules Exceptions # Command to exec, i.e. clamscan, alfviral.sh, etc. alfviral.command=C\:\\Users\\fegor\\Documents\\alfviral.bat # Config for ClamAV in stream data alfviral.timeout=30000 alfviral.host=127.0.0.1 alfviral.port=3310 #Config for VIRUSTOTAL vt.key=246df658bca5e2968956c01b2eb3a00b0cb506bda7 74b7148802020302 vt.url=https://www.virustotal.com/vtapi/v2/file/scan # Modes: COMMAND, INSTREAM, VIRUSTOTAL alfviral.mode=VIRUSTOTAL # Events alfviral.on_update=TRUE alfviral.on_read=FALSE # Scheduled action alfviral.scheduled.pathQuery=/app:company_home/st:sites alfviral.scheduled.cronExpression=* * 3 * * ? 2099 # List of file exceptions alfviral.file.exceptions=text/html|text/xml|application/pdf|ima ge/jpeg|text/plain

9 #SummitNow Aspects for detection control Properties personalized based on type of infection, for example: Date of detection Code of response ID Scan SHA256 Positives Etc.

10 #SummitNow More ways to scan Automation Upload/Create and Load documents Actions/Rules Scanning Planification Scheduled Actions Interactive Scanning Actions Run UI Actions fernando.gonzalez@ricoh.es fernando.gonzalez@ricoh.es @fegorama

11 #SummitNow To Do… List of Mime-Types inclusions Dashlets for monitorization Reports of activity Refactoring, refactoring and refactoring…

12 #SummitNow Advanced To Do… Connectors and interfaces for scanning and virus detection for: Symantec Trend Micro McAfee Avast! …and more!

13 #SummitNow Where is the project? http://code.google.com/p/alfviral fernando.gonzalez@ricoh.es fernando.gonzalez@ricoh.es @fegorama

14 #SummitNow

Download ppt "#SummitNow Fighting viruses with Alfviral 2013 Fernando González @fegorama."

Similar presentations

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.
Making the System Operational

Making the System Operational
© 2003, Cisco Systems, Inc. All rights reserved..

© 2003, Cisco Systems, Inc. All rights reserved..
Business Solutions Network Security Solutions Gateway Security

Business Solutions Network Security Solutions Gateway Security
SOFTWARE PRESENTATION ODMS (OPEN SOURCE DOCUMENT MANAGEMENT SYSTEM)

SOFTWARE PRESENTATION ODMS (OPEN SOURCE DOCUMENT MANAGEMENT SYSTEM)
AppManager 7: Deep Technical Dive Tim Sedlack & Michi Schniebel Sr. Product Managers.

AppManager 7: Deep Technical Dive Tim Sedlack & Michi Schniebel Sr. Product Managers.
Copyright© 2005-2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.

Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.
1 Trend Micro InterScan Web Security Suite ™ 2.5 戴 燊 Samson Tai 趨勢科技 台灣區技術行銷部 技術顧問.

1 Trend Micro InterScan Web Security Suite ™ 2.5 戴 燊 Samson Tai 趨勢科技 台灣區技術行銷部 技術顧問.
Windows Security Tech Talk 9/25/07. What is a virus?  A computer program designed to self replicate without permission from the end user  The program.

Windows Security Tech Talk 9/25/07. What is a virus?  A computer program designed to self replicate without permission from the end user  The program.
Students:Gilad Goldman Lior Kamran Supervisor:Mony Orbach Mid-Semester Presentation Spring 2005 Network Sniffer.

Students:Gilad Goldman Lior Kamran Supervisor:Mony Orbach Mid-Semester Presentation Spring 2005 Network Sniffer.
Trend Micro Round Table May 19, 2006. Agenda Introduction – why switch? Timeline for implementation Related policies Trend Micro product descriptions.

Trend Micro Round Table May 19, Agenda Introduction – why switch? Timeline for implementation Related policies Trend Micro product descriptions.
Introduction to eValid Presentation Outline What is eValid? About eValid, Inc. eValid Features System Architecture eValid Functional Design Script Log.

Introduction to eValid Presentation Outline What is eValid? About eValid, Inc. eValid Features System Architecture eValid Functional Design Script Log.
Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.

Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.
Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.

Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.
Simple Web SQLite Manager/Form/Report

Simple Web SQLite Manager/Form/Report
Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology.

Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology.
Talend 5.4 Architecture Adam Pemble Talend Professional Services.

Talend 5.4 Architecture Adam Pemble Talend Professional Services.
First Indico Workshop Conversion Server Thomas Baron 29-27 May 2013 CERN.

First Indico Workshop Conversion Server Thomas Baron May 2013 CERN.
Zach Moshe Rotem Naar.  File upload vulnerabilities overview  FUV – detailed overview  Live demonstration  In the future…

Zach Moshe Rotem Naar.  File upload vulnerabilities overview  FUV – detailed overview  Live demonstration  In the future…
Penetration Testing Security Analysis and Advanced Tools: Snort.

Penetration Testing Security Analysis and Advanced Tools: Snort.

Similar presentations

Ads by Google